Certificates News, Articles and Updates

Hackers could obfuscate malware through code signing and SSL certificates

Made-to-order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.

Compromising security certificates is top priority for cyber-criminals

Digital security certificates assure regular users that the websites they visit can be trusted and are free of malicious code. But if security certificates are themselves compromised, how can users be protected from malicious hackers?

Hackers could get certificates for domains they don't own

Certificate authority Let's Encrypt has disabled TLS-SNI-01 validation on its service. Through the vulnerability, a hacker could have requested certificates for domains that were not theirs.

GCSE computing exam entrants fall, infosec job recruitment in trouble

The new GCSE was meant to provide pupils with skills for the future, but no one is doing the course. Where did we go wrong?

Mozilla says more traffic now encrypted than not

The web firm Mozilla claims that, despite its failings, the use of HTTPS by web users is still preferable to them not doing so.

SSL handshake weakness leaves MacOS, iOS devices open to MitM attacks

A fundamental fault in the SSL handshake could allow hackers to subvert MacOS and iOS devices and recruit them into a DDoS attack.

Retefe banking Trojan now targeting UK banking customers

Avast Security is reporting that the Retefe banking Trojan is now targeting UK banking customers by redirecting them to fake banking websites.

The new security landscape: more encryption, more problems

The Certificate Authority (CA) model is broken and the value of certificates is being chipped away, resulting in a lack of trust, says Kevin Bocek, adding that this might lead users and even the major browsers to begin to rank CAs.

Let's Encrypt says get your free digital security certificates here

Let's Encrypt, an initiative of the Internet Security Research Group, has opened its free-of-charge digital certificate store to all.

Win32/CompromisedCert.D is now certifiably Dell-stroyed

Windows Defender has come to the rescue, giving users the ability to detect and remove the vulnerable Dell certificates from the certificate root store, as well as the affected binaries that might re-install them.

Mozilla may reject SHA-1 certificates six months early

Mozilla has stepped up pressure on enterprise companies that continue to use SHA-1 certificates after research last month demonstrated the algorithm could be broken in as little as three months.

Nearly 1m sites at risk because they use 'insecure' SHA-1 encryption

Close to 1 million websites are at risk from fraudsters because they continue to place their trust in security certificates using the vulnerable SHA-1 hashing algorithm.

Fraudsters exploit weak SSL certificate security to set up hundreds of phishing sites

Certificate authorities are granting SSL certificates to the owners of spoof domain names which are being used to phish customers of well-known retail and banking brands.

Unprotected keys and certificates losing customers for businesses

Certificate and key errors are costing businesses dearly and undermining the global economy, according to a Ponemon/Venafi report.

ICYMI: hospital in email breach; crashing Chrome; Symantec purges; ICO more free; Apple apps snapped

In this week's In Case You Missed It (ICYMI): NHS hospital email breached; crash Google Chrome in 16 chars; Symantec dismisses staff over certs; ICO moved from MOJ to Culture; Apple apps infected with malware.

Leaked D-Link security key allows hackers to disguise malware as legit

A leak of a major technology company's security key has been discovered, allowing hackers to convince Windows that their malware is legit.

Security pros failing to check rampant misuse of digital certificates

While acknowledging threats from digital certificates, many security professionals are failing to get to grips with the problem, claims Venafi in a new report.

CESG forced to pull HTTPS website as SSL certificate gets revoked

CESG, the information arm of GCHQ, was forced to take down its HTTPS website earlier this week after the organisation's SSL digital certificate was revoked.

Google refuses to accept Chinese internet certificates

Google has reacted quickly to a suspected security breach last week by refusing to recognise certificates from Chinese authority CNNIC.

Key and certificate challenges could end up costing UK businesses £247 million

A lack of control over cryptographic keys and certificates could leave large UK businesses open to attack.

Bit9 attack took place five months before detection, company suspects larger campaign

It was five months before the intrusion at Bit9 was detected.

Attacks on businesses could cost £260 million due to certificate and key issues

Businesses do not get the concept of certificate management and there is a lack of trust between users, according to Venafi.

Bit9 rocked by attackers who breach certificates and sign them as malware

Whitelisting technology vendor Bit9 was hacked at the end of Friday, with hackers accessing its code-signing certificates and enabling them to digitally sign malware to appear as legitimate files.

DigiNotar hack details revealed by Dutch government

Details of the hack that led to man-in-the-middle attacks on hundreds of thousands of Iranians' Google accounts and ultimately the liquidation of certificate authority DigiNotar have been released by the Dutch government.